Modula Gallery Photo Grid & Video Gallery Plugin Vulnerability

MEDIUM (6.5) No Patch (2 days)
cwe-22directory-traversalpath-traversalphppluginvulnerabilitywordpress

Threat Intelligence

Low Risk
EPSS Score: 0.04% chance of exploitation (percentile: 13%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

The Modula Gallery – Photo Grid & Video Gallery plugin for WordPress is a popular image gallery plugin used by many websites to display and manage photos and videos. This vulnerability allows attackers to execute arbitrary code on the server by manipulating user-supplied directory paths, which can lead to unauthorized access to sensitive data.

Am I affected?

Specific version info not stated in the advisory.

Affected Products

WordPress.org / Modula Gallery Photo Grid & Video Gallery

How to fix

To fix this vulnerability, upgrade to Modula Gallery Photo Grid & Video Gallery plugin version 2.13.3 or later. You can download the latest version from the WordPress Plugin Directory: https://wordpress.org/plugins/modula-best-grid-gallery/

Immediate mitigations:

  • Restrict network access to your WordPress installation (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation

References